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SELF -REPAIRING 



OPERATING SYSTEM FOR COMPUTER ENTITIES 



Field of the Invention oartic ularly to a method of 

The present invention reiates computers Qf g system 

installing an operating system in a computer entity, m the 



5 



failure. 

p irlrnrmin^*"« t " >lnventlon 



10 



15 



20 



25 



mr i - — — — — — 

device, e.g. a system a. configuration settings for 

appliance. In a head e P ^ ^ (o gn jntema , 

the appliance can directly n console, 
operating system, or to application software since there ,s sys 

A prior art solution used in headless appliances is to place an operating 
I flash ROM thereby ensuring that the operating system cannot be 
system in a flash ROM, me™ y ODera ting system can be 

This is fine for appliances in which an operauiiy y 

j easily damaged. This is tine tor app aHached storage device (NAS). 

contained in a flash ROM, such as a network attached 
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However, where a headiess co.pu.er entty is inning appl,cat,o s he o« 
system is far ,o iarge .o « into a flash ROM and has to be s ored on a hard d,s ^ 
Hard disks are vulnerable to conuption and damage an the* m. m-c 
operating system faiiure where the operating system is stored on a hard d,sk. 

A prior art solution for rectifying faiiure of an operating system stored on a 
h ard di k ncludes a system deve,oped by Microsoft* and Intel*. - . No 
ardware and B.OS additions to a processor and hard disk ensure » a, a 
running primary operaUng system fails in any way, for example M. boot to* 
up or Lhes, then the BIOS sw«ches to another identical copy of the operafng 
system stored on a hard disk. This system is based on: 

. An NVRAM message passing interface between a BIOS and the 
primary operating system, allowing the primary operating system to 
indicate to the BIOS that it has booted successfully. 

. Hardware "watchdog" timers which reset the hardware if the primary 
operating system fails to clear the timers, so that if tne operafng system 
ocks. the Jatchdog timers are not cleared, and the system au— V 
detects this and resets the BIOS extensions which trigger a boot from a 
second partKion on the hard disk containing a seco ndary op n*ng 
system if the primary operating system stored on the f,rs. pardon ,a,ls to 
boot twice. 

. software to check that the primary operating system fuliy boots, by 
mentoring key services provided by the operating system, and mak,ng 
sure that they are running smoothly after boot of the opera,ng system. 

The concept of an opera«ng system rebuild function in which a secondary 
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However, this known system assumes that the primary operating system is static 
and invariant with time. 

in the case of computer entities running applications, there are many 
conjuration settings which need to be made and reapplied. Therefore. ,n a 
computer entrty running applications, there are other parts o, software and code 
beyond the operating system which may need to be included in a ful, system 
rebuild following a faiiure of an operating system. The known rebuild system ,o< 
Microsoft does not address the problem of how to rebuild a ful, system 
including applications settings in an automated manner, without the requirement 
for a user console. 

The above known approach has the disadvantage and risk of failure if 
applied to a headless computer entty. In a headless computer entity, there - no 
way an administrator of the entity can manually install software updates to the 
operating system or application software. Therefore, the entity needs some 
mechanism to update the operating system, but when the entity operating system 
is on disk, it is very difficult for a running operating system to update itself rel,ab,y. 
Further, if a running operating system on a headless entity attempts to update 
itself, and a fault occurs during an update, then the headless entity wil, crash and 
stop working, unless there is an effective automatic operating system rebuild 
scheme in place, which also restores applications settings. 

What is required is an install or rebuild process that is triggered in a variety 
of ways such that the process can be fully automated or manually controlled 
depending upon the type of trigger. Additionally, there is a requirement for a 
rebuild process mat is sensitive to the status of the computer entity data, such 
that if corrupted data is detected as part of the rebuild process this data would be 
deleted and replaced with uncorrupted default data. Conversely, if the data ,s 
o unconupted the rebuild process would not unnecessarily replace this data w,th 
default data. 
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Snmmn"/ " fthB Invention 

A^rding to first aspect of the present invention there is provided a method 
of reX an operation, state of a computer ent«y, said computer entty 
comprising: 

at least one data processor; 

at least one data storage device; 

a primary operating system capable of running said computer entity; 

a secondary operating system capable o, rebuilding said primary operating 

system; and 

a copy of said primary operating system stored on said data storage device; 
said method comprising the steps of : 

booting said computer en«y to operate from said secondary operating 

o system; and 

under controi of said secondary operating system, rebuilding said primary 
operating system from said copy of said primary operating system. 

According to a second aspect of the present invention mere is provided a 
computer entity comprising: 

at least one data processor; 

3 0 at least one data storage device; 



a primary 



operating system capable of running said computer entity; 
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a seconder operating system capable of reading said prima* operating 
system during a failure of said primary operating system; and 

5 a copy of said primary operating system 

According to a third aspect of the present invention there is provided a 
me ,hod of running a computer entity, said computer entity compnsmg: 
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15 



a data storage device divided into a plurality of partition areas; 
a primary operating system stored on a first said partition area; 

a secondary operating system stored on a second said partfflon area; 

said method comprising the steps of: 

storing a bacK up copy of said opera«ng system on a third said partition 



area. 



According to one implementation of the present invention a computer entity 

area, followed by an application rebuild. 

A prima* operafang system rebuild may be initiated by a variety of ggers 
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a manually initiated reset of the primary operating system, performed V. a web 
administration interface. 

Depending upon the triggers initiating the rebuild process and a set of 
corresZ g J set by the triggering process the primary operat,ng system 
ZZ rebuiH such that the computer entity conjuration data is preserved, such 
riteU for example, appiication conjuration a* T 

settings security configuration settings, or user specrfic data. Altemat ' v ^; 

d^ption is detected a deferent set of fiags are set by the tnggenng of me 

It « process, such tha, ai, or part of the existing data is deieted and repiaced 

with factory default data. 

, n one implementation, the end resui. foilowing a failur* of the primary 
operating system is that the headiess computer entity au.omatca.iy rebu„ds the 
IrnT operating system without any user inte.en.ion. The computer en«y s 
henread to continue norma, operates without any , oss to any aPP-~ 
or application configuration settings, in such a situation the only ,mpact to a user 
o userTof the computer entity is tha, the system simply goes off-line for a penod 
^Implementation, approximately 20-30 minutes) before » rega,ns fu„y 
o operational on-line status. 

, n a further implementation the end result after a failure of the primary 
operafing system is that the computer en,*y automatically rebuilds or ,nsta„s , £ 
p : ry operating system without any user intention such 
25 application data or applicafion configuration settings are replaced w,.h factory 
default date or default application configuration settings respeCvely. 

A ddi«ona„y. in the above implementations rebuiids ™* b * ^ | 
manually by a user communicating with the headless computer en«,ty v,a 
3 o suitable web administration user interface. 
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Within this patent specification the terms install and rebuild I are : used 
interchangeable such that each term may be applied to a process by wh,ch me 
primary operating system is reconstructed. 

B rief Dascrir"-" " f Drawings 

For a better understanding of the invention and to show how the same may 
b e carried into e«ec«, there wil, now be described by way of example or ^ 
specific embodiments, methods and processes accord,ng to the present 
invention with reference to the accompanying drawings ,n wtwh: 

Fig. 1 illustrates schematic* in perspective view a headless computer 

entity; 

Fig. 2 illustrates schematically details of components of the headless 
computer entity of Fig.1 ; 

Fig.3 illustrates schematically details of a partition architecture of a hard disk 
data storage device of the computer entity of Fig. 1 ; 

Fig 4 illustrates schematically a logical operating system architecture 
comprising three operating systems present within the headless computer enWy 

of Fig. 1; 

Fig 5 illustrates schematically components of the operating systems and 
5 appiications used in a self-repairing mode for rebuilding a primary operat,ng 
system and application configuration settings; 

Fig 6 illustrates a flow diagram showing schematically initial process steps 
of an operating system rebuild process of the computer entrty; 

Fig 7 illustrates schematically a plurality of trigger mechanisms which 
initiate an operating system rebuild process of the computer entrty; 
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Fig. 8 illustrates schematically a flow diagram showing process steps of a 
rebuild process in which application data is preserved; 

Fig. 9 illustrates schematically a flow diagram showing further process steps 
of the rebuild process of Fig/8; 

Fig. 10 illustrates schematically a flow diagram showing yet further process 
steps of the rebuild process of Fig. 8; 



10 



Fig. 11 illustrates schematically a flow diagram showing process steps of a 
rebuild process whereby application data is deleted; and 

Fig. 12 illustrates schematically a flow diagram showing the final process 
15 steps of the data delete rebuild process of Fig. 11. 



n , , „„■ r , ~»h. RM , Miirln fnr nrrvinr, Out the mvention 

There will now be described by way of example the best mode 
20 contemplated by the inventors for carrying out the invention. In the o owing 
ceschpfion numerous specific details are set forth in order to prov,de a horo gh 
understanding of the present inven«on. It wil, be apparent however, o one sk,»ed 
in the art. that the present invenUon may be pracficed wUhout limrtafon to these 
specific details. In other instances, we,, known methods and structures have no. 
25 been described in detail so as no. to unnecessary obscure me presen. ,nven.,on. 

,n .his specification, the term "data storage device", is used to describe any 
non-volatile data storage device surtable for storage of binary The term 

include conventional hard disk drives. Where the term "disk" or "d,sk dnve , th, 
30 is a specie example of a data storage device. In principal, the me hods and 
appals herein can be applied to any data storage device, and ,s not restneted 
specifically to disk drives or disks. 
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,n the best mode, a headless computer entity applies a »self-repa,nng 
method triggered by an operating system failure, in which a fully automated 
Tbl of a Primary operating system, and associated applications on the 
computer entity occurs. 

The option of triggering an operating system rebuild by manual trigger via a 
web page interface is also provided, so mat a user can manually initiate a pnmary 
operating system rebuild. Under manua, triggering, the operating system re « 
, L enher preserve app.,cation data and application configuration settings o, the 
computer entity, or delete application data and application * *° 

computer entity. A — initiated rebuild of the primary operating syaem^h 
application data preserved may be triggered under circumstances w ,h 
a an example, where there is a suspected minor corruption of the pnnwy 
s operating system, where other important services provided by the compu er entty 
are still running, but non-critica, services provided by the computer entity have 
ceased to operate correctly. 

Where a rebuild operation preserving computer entity data and settings are 
,„ triggered manually, the procedure followed is similar to that where an automatic 
rebuild of the primary operating system is triggered, usually as a resuit of a fa„ure 
o, a primary operating system. Configuration settings of the computer entity s,e 
restored after the rebuild, and application data, being data generated by 
applications running on the computer entity and stored within the computer entity, 
2 5 is unaffected by the rebuild process. 

On the other hand, where a rebuild is manually triggered in which the 
application data is deleted, the application configuration settings are restore* 
since these are still valid even if the appiication data is corrupted howeve ■*» 
30 application data itself is deleted during the rebuild process. The manually 
tigered primary operating system rebuild with application data delete proces 
may be activated where for example under conditions where there ,s a 
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suspected common of the application data, and it is required to re-set the 
application data back to a factory preset default condition. 

in each of the three rebuild processes, that is automatic rebuild, manually 
triggered rebuild with application data preserve and the manually triggered rebu,ld 
with application data delete, running of the computer entity is handed over from a 
primary operating system to a seconder emergency operating system, wh,ch 
has the purpose of rebuilding the primary operating system from a reserve stored 
copy of the primary operating system. The primary operating system, emergency 
operating system, and back-up copy of the primal operating system are each 
stored on different storage device partitions within the computer entity. Once the 
pnmary operating system has been rebuilt from the stored back-up copy of the 
primary operating system, application configuration settings, which are stored 
further data storage device partition in the computer entity, are automatically 
reapplied. Examples of application configuration settings include networks 
configuration settings, describing a networking connection of the computer entity 
with other computer entities; installed user data, describing how many users are 
installed, and identifying those users; administration security data describing an 
administration security setup of the computer entity; installed user settings data 
describing individual settings applied to each of one or a plurality of installed 
users; and back-up schedule data, describing a type of back-up and a tinmng 
schedule for data back-up implemented in the computer entrty. 

in a normal running mode of the computer entity running under control of 
; the primary operating system, the configuration data, stored in a data storage 
device partition area different to those used to store the primary operating system 
is updated either periodically and\or whenever configuration setting data 
changes. For example, when a new user is added to the computer entity, then 
the installed user data stored in the further data storage device partition area ,s 
o automatically updated to reflect the fact that a new user has been installed. 
Similariy. under normal operation, updates of other configuration data types are 
stored in the further data storage device partition area. Under fault conditions, 
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giving rise to a rebuild, the stored configuration data in the further partition is 
available to rebuild the operating system of the computer entity. 

The computer entity configuration settings are archived into a plurality of 
settings files, and a CHECKsum algorithm is applied to ensure that that arch,ved 
computer entity configuration setting data is not corrupted, when the computer 
entity configuration setting data is recovered. 

Applications running on the computer entity store data in a dedicated data 
storage device partition. The application data may either be deleted completely, 
or retained, depending upon whether a primary operating rebuild operafion wrth 
application data preserve, or with application data delete is init.ated. 

Referring to Fig. 1 of the accompanying drawings, there is illustrated 
schematically in perspective view a headless computer entity 100. The headless 
computer entity comprises a casing 101 containing a processor, memory, one or 
more data storage devices and one or more communications ports connectable 
to a local area network 102; optionally, a small display, for example a l.qu.d 
crystal display (LCD) 103 giving limited information of the status of the dev.ce, for 
example POWER ON mode, a STAND BY mode, or other modes of operafion; a 
CD ROM drive 104; and optionally a back-up data storage device 105, for 
example a known DDS tape storage device. The headless computer entity » not 
provided with console having a monitor, mouse, keyboard or other direct user 
interface, and does not allow direct interaction with a human operator. In 
operation, the headless computer entity is intended to be self-managing and self- 
maintaining, and typically will provide a particular function, for example data 
storage, within a network environment. An example of a headless computer 
entity of the type described may include a network attached storage dev.ce. 

Referring to Fig. 2 herein, there is illustrated schematically an architecture of 
hardware and firmware components of the headless computer ent.ty 200. The 
computer entity 200 comprises one or more communications ports 201; one or 
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more data processing devices 202 as are known in the art; a ™ 203 
associated with the data processors); at ieast one data storage 
example a hard disk date storage device, or an array of a ^ 
ata Lege devices e.g. a RAID array; an administration interface 205 opt,^ 
in the form of an HTML/XML page display interface; a sma d,splay e,. a .d 
crystal display device 206; a plurality of operating systems 207 as w„l be 
described heL after; and one or a pluraKy o, application programs 208 
providing functionality to the headless computer entity. 

Referring to Fig. 3 herein, mere is illustrated schematically a forma, of data 
storage device 204, upon which operating system(s) 207 are stored. The data 
" -ice is partled into a logica, da. storage area 300 = is 
into a pluralKy of partMon areas according to the * 0 ^ A "^ 
dM s,on into a primary partition area 300 and a -ondary pardon ^ ^ 
m ade. WKhin the primary par.cn area are a ^^^X 
primary operating system system partrtion 303 (POSSK), co a 
oZting system fl~ "sed to Mate a boot or re-boot of a pnmary opera ng 
^m f he computer entity; an emergency operating system system pa^n 
3 £ (EOSSP) containing f,les used for booting a secondary, emergency operating 
s t m under which fhe computer entity operates under 
primary operating system is inactive or is deactivated; an OEM partner, 305. a 
priZ operating system boot partition 306 (POSBP). which contains a mapnty 
o Tes\o the primary operating system and for one or more application^ and 
, ro m which a boot or re-boo, continues after initiation from the pnman « 
- system system partition 303; an emergency operating system boo. paction 307 
' SsBP Laining a majority of emergency operating system tiles, from wh,c 
L emergency operating system continues to boo. after 
EOSSP 304; a pnmary data partition 308 (POP) contam.ng an SQL dam base 
00 and a pluJLy of binary large obiects 310, (BLOBs); a user settings arc^ 

o partition^ (U8AP) U ^»^u-^^••■^■^ , ^ 

312 (RSP) typically having a capacity of the order of 4 g.gaby.es or more, and an 
3 , * UD area 313 (OSBA) containing a pristine uncorrupted 

operating system back-up area jio l" 1 " 1 "' 
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back-up copy of the primary operating system files 314. The primary operating 
system system partition 303 and the emergency operating system system 
partition 304 are small "boot strap" system partitions which are used to start the 
operating system boot process tor the primary or emergency operating system 
respectively, and then hand over the rest of the operating system boot processed 
to the primary operating system boot partition 306 or the emergency operating 
system boot partition 307 respectively, depending upon whether a primary 
operating system boot or an emergency operating system boot has been 

initiated. The secondary data partition 302 typically stores a plurality of brnary 

tag. objects 315. In other implementations the secondary data partition 302. 

may store SQL database flies, in addition to those SQL database files stored on 

the primary data partition 308. 

The user settings archive partition 311 contains an archive of for example, 
user configuration settings, networking configuration settings, secunty 
configuration settings, including user administration names and passwords, 
TCP/IP addresses and net mask, the system network name, time zone 
information and application specific configuration settings. The user settings 
archive partition 311 contains non-default configuration settings that have been 
changed post-installation of the data storage device 204 e.g. following the 
creation of the partition architecture as detailed in Fig. 3 and an initial installation 
of the three operating systems. The purpose of the user settings archive * to 
provide a source of information to restore the original configuration settings of the 
computer entity and the applications on the computer entity 100. 

The primary operating system files are divided between the primary 
operating system system partition 303, the primary operating system boo. 
partition 306, the primary data partition 308 and the secondary data partition 302. 
The emergency operating system files are divided between the emergency 
c operating system system partition 304, the emergency operating system boot 
partition 307 and if required a suitable data partition. The reserved space 
partition 312, during normal running of the computer entity in the field, is used as 



30003760 



-14- 



a "scratch space" area to create temporary files as part o, the normal runn,ng o, 
applications. This therefore separates out these temporary files from the other 
data partitions, and ensures that a„ the available space in the data paeons can 
be used for application data. 

The primary data partition 308 and the secondary data partition 302. 
containing various data and databases, remain untouched when a primary 
operating system rebuild with data preserve process is triggered. 

The operating system back-up area also contains "hotfix" software patches 
which serve as minor software updates. Such patches are typically introduced 
via a network connection or by means of a floppy disk. A minor update process 
using such patches is based on known patch installation software, but wrth 
inventive modifications as follows: 

Firstjy basic version checking is performed so that each -hotfix" patch can 
only be applied into the primary operating system version that it is intended for. 

Secondly, after the computer enfity has rebooted successfully any patch 
f„es detected in the operating system back-up area during the primary operatmg 
system rebuild process are automatically reapplied at the end of this process 
there are multiple patches present, then they are reapplied in alphabets, ma,n 



order. 



A "hotfix" patch represents a portion of code which replaces a portion of the 
primary operating system such that in the even, of a primary operating system 
Lure or defect, a portion of the defective operating system may be re P aced w,.h 
the relevant portion of the primary operating system (i.e. "hofflx" patch) stored ,n 
the operating system back-up area. 

Referring to Fig. 4 herein there is illustrated the three operating systems 
stored on the data storage device 204. The data storage device 204 compnses 
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a primary operating system (POS) 400. an emergency operat,ng ^ < E ° S > 
401 and a known good pristine copy of the primary operating system 402. The 
known good uncombed copy of the primary operating system compnses for 
Imple a copy of the primary operating system files 403 and cop,es o, default 
ate o the primary operating system 404. The primary operating system se.es 
the running or ,ve" operating system, the emergency operat,ng system 
comprises a "cut down" version of the primal operating system. If the pnn^y 
Tpelg system fails, the emergency operating system is configured to rebuiid 
1 primary operafing system using the known good hack-up copy of the pnmary 
operating system 402. 

The operating system back-up area 313 in addition to containing a copy of 
the primary operating system files 314. also contains data ^ descnbing the 
manufacturing default state of the primary operating system pardon and the date 

partitions. 

Referring to Fig. 5 herein, there is illustrated schematically an architecture of 
operating system 207 and administration interface 205. The o P era„ng system 
and interface comprises a web administration interface 500 allowing access to 
the computer enttty via a page display over a network connection, and ailowmg a 
manua, Let operation of the computer entity to be instructed from a remote user 
Tnsole; an error detection and reset trigger component 501 for detecting errors 
or faults in the primal operating system, and triggering a reset operate, a 
primary operating system restore u«y 502 for canying out a reset operation ,n 
s esponse to a trigger signal generated by the error detection trigger component 
501 or in response to a command for a reset by a user input via web 
administrator interface 500; a network provisioning *° 3 
provisioning other computer entities in a network, e.g. user or Cent computers, 
and as described previously, the primary operating system system pa^on m 
„ the emergency operating system system partition 304; the o P erat,n 3 system 
back-up area 31 3; and the user settings archive partition 31 1 . 
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Referring to Fig. 6 herein there is illustrated initial stages of a rebuild 
process, initiated by detection of a defect on the data storage device 204 at stage 
600 The emergency operating system is triggered at step 601. The vanous 
triggers associated with the reboot process described herein are detailed .n F.g. 7 
below. Following a trigger as detailed in Fig. 7 the emergency operating system 
is booted at stage 602. There are two ways of booting into the emergency 
operating system at stage 602, these being firstly via a "fail-over" scheme tngger, 
which is a BIOS based scheme such that if the primary operating system fa.ls to 
boot a predetermined number of times e.g. twice, then the BIOS will automatically 
boot from the emergency operating system system partition. Secondly, the 
emergency operating system may be booted by software responsive to the 
triggers detailed in Fig. 7. Following the booting of the emergency operat.ng 
system at stage 602 specific flags are set to indicate a specific type of rebu.ld 
process, at stage 603. Differing rebuild processes include, a rebuild process 
preserving user data and a rebuild process deleting user data. An emergency 
operating system boot counter is reset by the BIOS at stage 604, such that the 
next boot of the computer entity 100 is from the primary operating system as 
shown in stage 605. A user of the computer entity 100 is informed of the type of 
rebuild/update in step 606, such information being displayed via the web 
administration interface in step 607 and/or a liquid crystal display on the computer 
entity 100 at stage 608. The primary operating system restore utility is in.t.ated .n 
step 609 and depending upon the flags set at 603, which are determined 
effectively by the type of trigger (see Fig. 7) the primary operating system restore 
utility determines the type of rebuild required at 610. The type of flags or 
indicators set at stage 603 determine a rebuild with data present or data delete 
at stage 61 1 . 

Referring to Fig. 7 herein there is illustrated a variety of triggers which are 
used to initiate the booting of the emergency operating system at stage 602. A 
first automatic reset with data preserve flag set 700, occurs when the BIOS fa.l- 
over scheme is initiated 701 . Alternatively, an automatic reset flag for data delete 
702 is set when a data disk repair scheme 703 is initiated, such a data disk repa.r 
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scheme being initiated when, for example, it has been detected that data on the 
data storage device 204 is corrupted. 

The emergency operating system may be booted following a manually 
initiated trigger 704 whereby the data delete flag 705 or the data preserve ag 
706 may be set in response to a command entered via web -dr™*^ 
interface 500. Additionally, the emergency operating system may be booted by 
software 707 in response to an inaction to perform a software update 708 or ,n 
response to an instruct for a tape restore 709. A tape restore may be requ,red 
when for example, corruption of the back-up data/databases on the data storage 
device 204 occurs. When performing a tape restore 709 the pnmary opera.,ng 
system restore utility 502 firstly erases the data of the computer entity and mstal s 
the back-up data from the tape. Secondly, the utility should check that the back- 
up tape media from which the user wishes to restore has the correct data and 
application name. 

Referring to Fig. 8 herein there is illustrated a flow diagram detailing the 
various stages of the rebuild process in which tne data preserved flag has been 
set The primary operating system restore utility overwrites selected pnma-y 
operas system partitions, these being the primal operating systerr , system 
partition and the pnmary operating system boot partition at stage 800. The 
operating system back-up area is used as a source to replace the files to be 
oveovritten in both partitions at stage 801. Following the overwnfng of he 
partitions at stage 800 the system identification (SID) is blank. The result of 
5 overwriting the partitions at stage 800. with flies from the operating system back- 
up area, is a copy of the prima* operating system being installed into the pnmary 
operating system system partition and the pnmary operating system boot partifon 
at stage 803. The user is informed of the status of the rebuild/update process at 
804, such status information being displayed via the web administration interface 
o 500 and/or the liquid crystal display on the computer entity. 
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The primary operating system restore utility sets a flag in step 805 ,n the 
user settings archive partmon to indicate that the system reset shouid restore he 
user settings 806. The primary operating restore ufility checks whether the 
manua, reset flag was set foiiowing the boot into the emergency operating , sy.tem 
at step 807. If the restore utility detects that the manual flag was set. ,t sets a 
further flag to indicate system reset: manual initiation at stages 809 and 810 
Tpectivel irrespective of the detection o, a manua, reset flag the pnmary 
operating system is rebooted at step 814. 

Referring to Fig. 9 herein there is illustrated the latter stages of the rebuild 
process. At step 900 the primary operating system is in a manufactunng defautt 
state, such that it wil, now set its system identified following th,s firs, boot The 
restore utility checks the flags for the type of rebuild required at stage 901 
Following I protection of reset application spec.0 da. 902 and the , rese 
computer en«ty conjuration settings 903 the restore utilrty check the flags o 
■restore user settings" 904. The restore utility proceeds to ^restore use 
settings from the user settings archive partition 311 at step 905. The *pe of 
slttngs include, for example, client account information 906, appl.ca.on 
duration settings 907 and administration name/password 908. In add^or , to 
resetting the application specific data 905 the restore utility restores the — 
en«y configuration settings at 909, such setfings being for example, the ne^o* 
settings 910 and the network system name 911. The computer ent,ty 
configuration settings are restored using the network provisioning component 
503. 

Referring to Fig. 10 herein there is illustrated the final stages of the rebuild 
process such that following the restoring of the settings the priman, operating 
ystem reboots at step 1000. The user settings archive 311 is cheeky for *. 
„ correct signature at step 1001 . When the primary operating system restore ut ,ty 
attempts ! retrieve the archive data, a CHECKsum parity check ut„«y checks he 
signature within the user settings archive to establish if the contents w„h,n the 
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user settings archive (the configuration data etc.) are incorrect, if incorrect the 
CHECKsum utility notes the particular failure e.g. a failure in the application 
configuration data, user account information or network configuration settings. In 
the event of the user settings archive containing an incorrect signature the 
user/configuration settings are set back to factory defaults at step 1002 and the 
user is informed of an archive signature failure at step 1003. Also the user ,s 
prompted to re-configure the incorrect and/or lost settings at step 1004, such re- 
configuring being performed by the user via, for example, a web administra«on 
interface. Irrespective of the archive signature status the user is informed of the 
reset trigger type at step 1005, such trigger types being as detailed ,n F,g. 7 and 
include an automatic reset. In such instances the automatic reset alert will be 
displayed to the user via the web administration interface and/or the liquid crystal 
display at step 1006. If the emergency operating system was booted following a 
manual reset trigger a user of the computer entity 100 will be informed of a 
manual reset alert via the web administration interface and/or the liquid crystal 
display at step 1007. All flags set by the restore utility are cleared at step 1008. 
Any "hotfix" patches stored in the operating system back-up area will then be 
automatically reapplied to the newly restored primary operating system at step 
1009, such that the newly restored primary operating system contains all updated 
data and settings prior to the primary operating system failure. 

Referring to Fig. 11 herein there is illustrated the stages of the rebuild 
process whereby the emergency operating system is booted at stage 602 having 
the data delete flag set. 

The primary operating system restore utility overwrites certain primary 
operating system partitions, these being the primary operating system system 
partition 303 and the primary operating system boot partition 306 at step 800. 
The operating system back-up area is used as a source to replace the files to be 
o overwritten in both partitions at step 801. Following the overwriting of the 
partitions at step 800 the system identification (SID) is blank. The result of the 
overwriting of the partitions at step 800 with files from the operating system back- 



30003760 



-20- 



up area result in a copy o, the primary operating system being .nsteiled ,n«o me 
primary operating system system partition and the primary operating system boot 
pain at step 803. A user o, the computer entity 100 is informed of the rebu,ld 

Is at 1 100 Such rebuiid status information being displayed to .e user v,a a 
w eb administration interface 500 and/or the .iauid crysta, d,spiay 103 a, step 806_ 
Add,iona,,y, a user of the computer entity 100 is aiso informed of the ; pr- 

deieting the back-up data at step 1101. The prima* operating sy^em res ore 

utility then proceeds to erase and recreate the prima* date partition at step 1 102. 

uimiy H . . ,, , coi server default database files 

the default primary data partition files and the SOU server 

are restored a, 1103 from the operating system back-up area 313 at tep 11£ 
The secondary data partition is recreated at step 1 105, and any de auK date ffles 
and SQL server database tiles are recreated at step 1 106. The res or. > u tiWy sets 

1 106 and the 'system reset: restore user settings" flag 806. 

Referring to Fig. 12 herein there is illustrated the final stages of tte restore 
process with data delete. The restore utility checks for a manual reset flag a. step 
1200 If a manual reset flag is detected the primary operating system restore 
utility sets a flag 1201. this flag being a "system reset: manua, in ,ation flag 
1202 The prima* operating system is then automatically rebooted at step 203. 
Following automatic reboot, user settings and application settings are restored 
and there is displayed a message on the web administration 
liq uid crysta, dispiay based on the flags set, which allows a user to , el, what type 
of reset has been performed, as described with reference to Fig. 9 here.n before. 

A prima* operating system rebuild incorporating data delete as detailed in 
Figs 1 1 and 12 may be considered as an emergency rebuild process in the event 
of a tape restore not being available. Stations in which an operating system 
reb ui,d with date de,ete wou,d be required include the data within the pnma* 
o date partition and/or the seconda* panHion and/or date on a second date d s 
being corrupted. Additionally, the above data delete process may be reou,red 
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when a data storage device 204. being a data disk, has failed due to an errorwith 

the disk or its data. 
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Claims: 

L A method of restoring an operational state of a computer entrty, 
said computer entity comprising: 

at least one data processor; 

at least one data storage device; 

a primary operating system capable of running said computer entity; 

a secondary operating system capable of rebuilding said primary operating 
system; and 

a copy of said prima* operating system in an as manufactured state, stored 
on said data storage device; 

said method comprising the steps of: 

booting said computer entity to operate from said secondary operating 
system; and 

under control of said secondary operating system, rebuilding said primary 
operating system from said copy of said primary operating system. 



The 



method as claimed in Claim 1 , further comprising the step of: 



erasing said primary operating system prior to rebuilding said primary 
operating system from said copy of said primary operating system. 



3. The 



method as claimed in Claim 1 , further comprising the step of: 
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restoring configuration settings of said computer entity from configuration 
data stored in a partition of said data storage device separate to said pnmary 
operating system and secondary operating system. 

4 The method as claimed in claim 3, wherein said configuration data 
comprises data describing one or more application settings for running an 
application on said computer entity. 

5. The method as claimed in claim 3. wherein said configuration data 
comprises data selected from the set: 

a network configuration data describing a networking configuration of the 
computer entity; 

an administration security data describing administration security settings 
applied to the computer entity; 

an installed user data describing installed users on the computer entity; 

a user settings data describing individual settings for at least one installed 
user on the computer entity; and 

a back-up schedule data describing a back-up schedule for backing up data 
of said computer entity. 

6 The method as claimed in claim 3, further comprising the step of 
applying a CHECKsum to said configuration data prior to storing said 
configuration data in its said partition. 

o 7 . The method as claimed in claim 3, further comprising the step of: 
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checking said configuration data for corruption, prior to restoring said 
configuration settings 



8. 



The method as claimed in claim 1 , further comprising the step of: 



restoring data describing default application settings used by at least one 
application program of said computer entity. 

9. The method as claimed in claim 1 , further comprising the step of: 

deleting an application data generated by at least one application program 
of said computer entity. 

10. The method as claimed in claim 1, wherein said boot of said 
secondary operating system is activated automatically under conditions selected 
from the following set: 

a failure of said primary operating system; 

a failure of a boot from a partition of said data storage device containing 
said primary operating system. 

11. The method as claimed in claim 1 , further comprising the step of: 

reading a plurality of settings flags to determine whether a rebuild of said 
primary operating system is triggered with application data delete or with 
application data preserved. 



12. 



The method as claimed in claim 1 , further comprising the step of: 



resetting said computer entity by rebooting from said secondary operating 
system; and 
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deleting application data stored on a data storage device of said computer 
entities; and 

recreating default application data on said data storage device. 

13. The method as claimed in claim 12, further comprising the step of 
recreating default databases on said data storage device. 

14. A computer entity comprising: 
at least one data processor; 

at least one data storage device; 

a primary operating system capable of running said computer entity; 

a secondary operating system capable of rebuilding said primary operating 
system during a failure of said primary operating system; 

a copy of said primary operating system in an as manufactured state; and. 

Configuration data describing a configuration of said computer entity. 

1 5. The computer entity as claimed in Claim 14, wherein: 

said primary operating system is stored in a first partition area of said data 
storage device; 

said secondary operating system is stored in a second partition area of said 
data storage device; 
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said copy of said primary operating system is stored in a third partition area 
of said data storage device; and 

said configuration data is stored in a fourth partition area of said data 
storage device. 

16. The computer entity as claimed in Claim 14, wherein said 
configuration data comprises data selected from the set: 

a network configuration data describing a networking configuration of the 
computer entity; 

an administration security data describing administration security settings 
applied to the computer entity; 



an 



installed user data describing installed users on the computer entity; 



a user settings data describing individual settings for at least one installed 
user on the computer entity; and 

a back-up schedule data describing a back-up schedule for backing up data 
of said computer entity. 

1 7. The computer entity as claimed in Claim 14, further comprising an 
administration interface configured to allow a manually activated trigger of a 
rebuild of said primary operating system. 

18. The computer entity as claimed in Claim 14, comprising an 
automatic trigger operable to detect when a fault occurs in said primary operating 
system, and upon detecting a fault in said primary operating system, to trigger a 
boot from said secondary operating system. 
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19. The computer entity as claimed in Claim 14, wherein said data 
storage device comprises at least one disk drive. 

20 The computer entity as claimed in Claim 14, which is devoid of a 
user console running directly from a said operating system of said computer 
entity. 

21 . A method of running a computer entity, said computer entity 
comprising: 

a data storage device divided into a plurality of partition areas; 
a primary operating system stored on a first said partition area; 
a secondary operating system stored on a second said partition area; 
said method comprising the steps of: 

storing a back up copy of said operating system on a third said partition 

area. 

22 The method as claimed in Claim 22. further comprising the step of 
automatically updating configuration data stored in a fourth partition area of said 
data storage device. 

23. The method as claimed in Claim 23, wherein said configuration 
data comprises: 

a network configuration data describing a networking configuration of the 
o computer entity; 
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an administration security data describing administration security settings 
applied to the computer entity; 



an 



installed user data describing installed users on the computer entity; 



a user settings data describing individual settings for at least one installed 
user on the computer entity; and 

a back-up schedule data describing a back-up schedule for backing up data 
of said computer entity. 
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Abstract 

SELF-REPAIRING OPERATING SYSTEM FOR COMPUTER ENTITIES 

A method of installing an operating system into a computer entity 
comprising at least one data storage device, a primary operating system and an 
5 emergency operating system, the method characterized by comprising the steps 
of: creating a copy of the primary operating system on an operating system back- 
up area of the data storage device of the computer entity; operating the computer 
entity using the emergency operating system; storing data of the computer entity 
on a user settings archive of the data storage device; replacing the primary 
10 operating system with the copy of the primary operating system; automatically 
checking for corrupted data on the user settings archive; restoring settings data of 
the computer entity from the user settings archive. In the event of a failure 
involving data corruption, application data may be deleted and recreated in a 
known good default state. 
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